[57] ABSTRACT

Disclosed is a system and method for providing a reuser of a software reuse library with an indication of whether or not a software component from the reuse library is authentic and whether or not the software component has been modified. The system and method disclosed provides a reuser with assurance that the software component retrieved was placed in the reuse library by the original publisher and has not been modified by a third party. The system and method disclosed uses a hybrid cryptographic technique that combines a conventional or private key algorithm with a public key algorithm.
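The hybrid technique, as an added example that is not code from the patent: the publisher encrypts the component under a fresh first key, hashes the ciphertext, and transforms the digest and the first key with its private key, and the reuser reverses this with the public key taken from the directory. Assumptions: a SHA-256 keystream stands in for the conventional algorithm (the patent names DES), unpadded textbook RSA over fixed Mersenne primes stands in for the public key algorithm, and the names `publish`, `reuse`, `DIRECTORY` and `publisher-101` are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by both constructed key pairs


def make_keypair(p: int, q: int) -> dict:
    """Build a textbook RSA key pair from two primes (demonstration only)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed key pairs from publicly known Mersenne primes: deterministic and
# offline, and therefore NOT secure. Real keys use secret random primes.
PUBLISHER = make_keypair(2**521 - 1, 2**607 - 1)
IMPOSTOR = make_keypair(2**127 - 1, 2**521 - 1)

# Hypothetical directory: publisher name -> public key (n, e) only.
DIRECTORY = {"publisher-101": (PUBLISHER["n"], PUBLISHER["e"])}


def conventional_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the conventional algorithm: XOR with a SHA-256 counter
    keystream. The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def private_transform(value: bytes, keypair: dict) -> int:
    """Private-key operation on a short value (unpadded textbook RSA)."""
    return pow(int.from_bytes(value, "big"), keypair["d"], keypair["n"])


def public_recover(value: int, public_key: tuple, length: int) -> bytes:
    """Public-key operation; rejects results that cannot be a `length`-byte value."""
    n, e = public_key
    m = pow(value, e, n)
    if m >> (8 * length):
        raise ValueError("record was not produced with this publisher's private key")
    return m.to_bytes(length, "big")


def publish(plaintext: bytes, keypair: dict) -> dict:
    """Generate the software component record (steps 501, 503, 505)."""
    key = secrets.token_bytes(32)                            # fresh first key
    encrypted_component = conventional_cipher(key, plaintext)  # step 501
    digest = hashlib.sha256(encrypted_component).digest()      # step 503
    return {                                                   # step 505
        "encrypted_component": encrypted_component,
        "encrypted_digest": private_transform(digest, keypair),
        "encrypted_key": private_transform(key, keypair),
    }


def reuse(record: dict, publisher: str) -> bytes:
    """Verify the record against the directory key, then decrypt it."""
    public_key = DIRECTORY[publisher]  # from the directory, never from the record
    first_digest = public_recover(record["encrypted_digest"], public_key, 32)
    first_key = public_recover(record["encrypted_key"], public_key, 32)
    second_digest = hashlib.sha256(record["encrypted_component"]).digest()
    if not hmac.compare_digest(first_digest, second_digest):
        raise ValueError("software component is corrupted or not authentic")
    return conventional_cipher(first_key, record["encrypted_component"])


if __name__ == "__main__":
    # Constructed sample component.
    source = b"function Add (A, B : Integer) return Integer is (A + B);\n"
    record = publish(source, PUBLISHER)
    print("round trip ok:", reuse(record, "publisher-101") == source)
    for label, bad in (
        ("modified", {**record, "encrypted_component": b"X" + record["encrypted_component"][1:]}),
        ("impostor", publish(source, IMPOSTOR)),
    ):
        try:
            reuse(bad, "publisher-101")
        except ValueError as err:
            print(label, "rejected:", err)
```

Anyone holding the public key recovers the first key, so the record gives integrity and authenticity but no confidentiality. The digest covers only the ciphertext, so nothing in the record ties the separately transformed first key to that particular component.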
HYBRID ENCRYPTION METHOD AND SYSTEM FOR PROTECTING REUSABLE SOFTWARE COMPONENTS

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a system and method for protecting reusable software components. In particular the present invention encrypts software components in a reusable software component library to protect against unauthorized modification and to assure authenticity of software components when the software components are decrypted by a reuser.

2. Description of the Prior Art

The ability to produce ever larger software systems while improving their quality and reducing their development time crucially depends upon a capability to "reuse" previously developed software components in new systems. There is an emerging electronic marketplace that will enable potential reusers to browse libraries of software components, select suitable ones, and obtain them for reuse. Rudiments of such a marketplace already exist in operational software reuse libraries. Such libraries, though, are vulnerable to the unauthorized modification of existing code or to unscrupulous parties who might misrepresent the origin of code which they place into the library.

A reuse library must provide protection against the unauthorized modification of software components in order for the software reuse marketplace to emerge. Without such protection publishers would be reluctant to place their software in a reuse library and reusers would be reluctant to use software components from the reuse library. Without such protection software components are subject to modification for purposes of malice, sabotage, espionage or others. Modifications by an innocent third party can also cause problems due to incompetence, carelessness, a lack of discipline or misunderstanding. The ability of a third party to modify a software component without detection cannot be tolerated in the reuse marketplace.

The authentication problem arises where an unscrupulous party seeks to pass off (or palm off) their software components as that of another publisher thereby preying on the reputation and goodwill of other publishers. This is of particular importance in the reuse marketplace because reusers can often only rely on the reputations and software development processes used by software publishers.

Many agencies today are actively involved in developing and evolving their software development processes. Independent organizations such as the Software Engineering Institute (SEI) evaluate these processes and rate them according to an established set of criteria. Reusers can rely on these evaluations in making their reuse selections.

There are also legal considerations to be considered such as who is representing that they created the software. Under current copyright law the innocent infringer loses against the true owner of the copyrighted work. The reuser needs some assurance that publisher has the right to permit the reuser to make use of the software component. Without such assurances the reuser risks any gains by reuse in a subsequent legal battle.

There is a critical need to provide a reuser with an assurance that the identity of the producer of software component being purchased is the software producer and not some other third party. There is also a critical need to provide the reuser with an assurance that a software component has not been corrupted or modified.

SUMMARY OF THE INVENTION

The present invention is directed to a method and apparatus that satisfies these needs. It is an object of the invention to provide an integrity mechanism that provides an indication that a software component has been modified.

It is an object of the invention to quickly provide an integrity mechanism that provides an indication that a software component has been modified. It is still a further object to prevent third parties from modifying software components in a reuse library. It is an object of the invention to provide an authentication mechanism that provides reusers with assurance that the software component is the authentic product of its stated publisher. It is yet another object of the invention to prevent third parties from passing off their software components as that of another. It is still another object of the invention to provide for the authenticity of a software component [and] an indication of whether the software component has been modified.

Accordingly, the present invention provides a system and method for providing a reuser with an indication of whether or not a software component from a reuse library is authentic and whether or not the software component has been modified. The present invention comprises a method for reusing software components [...] the integrity and authenticity of the software components. The method comprises generating a software component record by encrypting a plaintext representation of a software component into an encrypted software component with a first cryptographic algorithm using first key; hashing the encrypted software component to generate a first hash digest; encrypting the first digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key type and said second key is the private key associated with at least one public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key. The software component record is then stored in a reuse library. The software component can then be retrieved from the reuse library. The plaintext representation of the software component is then generated by obtaining a public key associated with the second key from a public key directory; decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm; hashing the encrypted software component to generate a second hash digest; comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted; decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.

The present invention comprises a network of computer systems comprising a reuse library, a directory, at least one publisher's workstation and at least one reuser's workstation. The reuse library having a plurality
of encrypted software components each software component record having an encrypted software component, an encrypted hash digest, and an encrypted first key; the reuse library also having a storage means for storing encrypted software components and a retrieval means for retrieving encrypted software components. The directory containing a list of publishers and an associated list of public keys. A publisher's workstation coupled to the reuse library, having a first encrypting means for encrypting a plaintext representation of a software component into an encrypted software component with a first cryptographic algorithm using first key; a hashing means for hashing the encrypted software component to generate a first hash digest; a second encrypting means for encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key algorithm type and said second key is the publisher's private key associated with a publisher's public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key; a communications means for sending the software component record to the reuse library for storage by the storage means. A reuser workstation coupled to the reuse library, said reuser workstation having a requesting means for sending a request to the reuse library for a desired encrypted software component, wherein said request causes the retrieval means of the reuse library to retrieve the desired software component and send it to the requesting workstation; a means for obtaining the public key from the directory, said public key associated with the second key of the desired encrypted software component; a first decrypting means for decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm; a hashing means for hashing the encrypted software component to generate a second hash digest; a comparing means for comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted; a second decrypting means for decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, aspects and advantages of the invention will be better understood from the following detailed description with reference to the drawings, in which:

FIG. 1 shows a functional overview of the present invention.

FIG. 2 shows a functional overview of the present invention depicting multiple publishers and multiple reusers.

FIG. 3 depicts generating various components of a software component record.

FIG. 4 depicts a representation of a software component record.

FIG. 5 depicts the steps required to generate various components of a software component record.

FIG. 6 depicts generation of the plaintext representation of a software component from a software component record.

FIG. 7 depicts the steps required to generate a plaintext representation of a software component from a software component record.

FIG. 8 depicts one embodiment of a computer system for generating a software component record.

FIG. 9 depicts one embodiment of a computer system for generating a software component from a software component record.

FIG. 10 depicts one embodiment of a computer system for the reuse library.

DETAILED DESCRIPTION OF THE INVENTION

I. DEFINITIONS
II. OVERVIEW
III. CRYPTOGRAPHIC ALGORITHMS & FUNCTIONS
    A. OVERVIEW
    B. PUBLIC KEY and CONVENTIONAL CRYPTOGRAPHIC SYSTEMS
    C. EXAMPLE CRYPTOGRAPHIC ALGORITHMS
    D. HASHING
IV. PUBLISHING
    A. DESCRIPTION
    B. EMBODIMENTS
V. REUSING
    A. DESCRIPTION
    B. BROWSING MEANS
    C. EMBODIMENTS
VI. REUSE LIBRARY
    A. DESCRIPTION
    B. EMBODIMENTS
VII. DIRECTORY
VIII. ADVANTAGES AND CLOSING

I. DEFINITIONS

A "SOFTWARE COMPONENT" is a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result. Thus, a software component can consist of a complete software application, a set of related applications, a module, a single procedure or program, a set of procedures or programs, a software package or a set of software packages. It is preferable for reuse software components to be provided in source code in human readable format.

II. OVERVIEW

FIG. 1 shows the major elements of the present invention: a publisher 101, a reuse library 103, a directory 105 and a reuser 107. The reuse library 103 can contain many software components. The software components are created by software providers. These software providers, called publishers herein, are responsible for the creation of software components. The act of placing the software component into the reuse library is referred to herein as publishing the software component. Once placed in the reuse library by a publisher, the software component becomes available for reuse by other entities. These other entities may consist of individuals, corporations, associations, government branches, agencies or departments. The reuser 107 must decide whether a software component placed in the reuse library is suitable for an application or software requirement that they may have. The reuser can browse software components in the reuse library while determining whether any software components suit the reuser's particular requirements. By making use of software components in the reuse library the reuser can reduce their software development costs. The act or process whereby a reuser selects a software component for use in an application or software effort is herein referred to as reusing. Reusing includes browsing of software components in the reuse library.

Although FIG. 1 shows only one publisher 101 and one reuser 107 the present invention contemplates many publishers and many reusers. In fact publishers may also be reusers and reusers may also be publishers. Multiple publishers and multiple reusers are shown in FIG. 2.

The reuse library 103 may also consist of multiple libraries where each library is orientated towards particular classes of reusers. For instance, based on language type (e.g., C or Ada) or based on the type of application (e.g., real time systems or embedded systems) or by application or function (e.g., accounting, navigation, air traffic control, word processing, etc.). Thus, a multitude of reuse libraries are contemplated by the present invention. The reuse library may also perform certain classifying or cataloging functions so that a software component is indexed properly or more easily located by a potential user.

When the publisher 101 decides that a particular software component is ready for the reuse library 103 several steps must be taken so that an eventual reuser is assured that it is the particular publisher's software component and not an impostor's and that the software component has not been modified. The software component as developed by the publisher typically consists of a plaintext representation. This is typically an ASCII or EBCDIC encoded representation. An operator can thus view the software component on a display screen or print the software component on a printer. The plaintext representation is the unencrypted format. Before transmitting or sending the software component to the reuse library the software component is encrypted using the hybrid encryption technique of the present invention. Two cryptographic algorithms are used to encrypt the software component: a conventional key algorithm and a public key algorithm. The encrypted software component is then sent to the reuse library for storage and eventual retrieval by a reuser. The encrypting or enciphering method assures that any reuser of the software component is provided with notice that the software component has been modified or that the software component is not authentic (i.e., that the publisher associated with the software component in the reuse library is not in fact the actual publisher). The publisher encrypts the software component using the hybrid technique using the publisher's private cryptographic key. Only the publisher knows the private key. This key must be safeguarded by the publisher if they are to assure the integrity of their software components. In order for the encrypted software component to be decrypted the reuser must use the publisher's public key. The public key is associated with the publisher's private key, but cannot be used to derive the private key.

In order for the reuser to make use of an encrypted software component the reuser must decrypt the encrypted software component from its encrypted, into its plaintext representation. The present invention requires that the reuser have the publisher's public key in order to obtain the plaintext representation of the software component. The reuser obtains the publisher's public key from the directory of publisher's public keys. The public key may be made available in a separate notebook, a traditional book, a separate file server, or as part of the reuse library. The directory 105 may also be provided on a trusted platform connected to the reuser by a trusted path to assure that only authorized reusers are provided with access to the reuse library. With the public key the reuser is able to obtain the plaintext representation of the software component.

III. CRYPTOGRAPHIC ALGORITHMS & FUNCTIONS

A. OVERVIEW

Cryptography is the transformation of intelligible information into apparently unintelligible form in order to conceal the information from unauthorized parties. Cryptography is a known practical method to protect information transmitted electronically through communications network and as will be shown with the present invention can be an economical way to protect stored [data]. The cryptographic transformation of data is defined by a cryptographic algorithm or procedure under the control of a value called a cryptographic key. See text "Cryptography and Data Security," by Denning, Addison-Wesley Publishing Company (1982).

Cryptographic methods can be used to protect not only the confidentiality of data, but the integrity of data as well. Data confidentiality is the protection of information from unauthorized disclosure. Data integrity is the protection of information from unauthorized modification.

There are two basic elements associated with any cryptographic system. These elements are a set of unchanging rules or steps called a cryptographic algorithm and a set of variable cryptographic keys. The algorithm is composed of encrypting and decrypting procedures which usually are identical or simply consist of the same steps performed in reverse order, but which can be dissimilar. The keys selected by the user consist of a sequence of numbers or characters. An encryption key (Ke) is used to encrypt plaintext X into ciphertext Y as shown below

$E_{Ke}(X) = Y$

and a decryption key (Kd) is used to decrypt ciphertext Y into plaintext X as shown below,

$D_{Kd}[E_{Ke}(X)] = D_{Kd}[Y] = X.$

B. PUBLIC KEY and CONVENTIONAL CRYPTOGRAPHIC SYSTEMS

There are two basic types of cryptographic algorithms: conventional and public key (also referred to as symmetric and asymmetric). With a conventional algorithm the encryption and decryption keys may either be easily computed from each other or the keys may be identical (Ke=Kd=K). In a public key algorithm, one key (usually the encryption key) is made public and a different key (usually the decryption key) is kept private. As will be discussed in detail below the present invention utilizes the private key to encrypt and the public key to decrypt. With a public key system it must not be possible to deduce the private key from the public key. When an algorithm is made public, for example with a published encryption standard, cryptographic
security completely depends on protecting these cryptographic keys.

To keep information secret, and to achieve privacy, a reversible algorithm must be used. This allows for reversing the encryption process to recover the software component or data item. However, encryption alone is insufficient to assure that information is not altered during storage. This is most evident when encryption with a public key algorithm is used. With a public key system as used with the present invention, any one can decrypt using the public decryption key, unlike public key systems where the public key is the encryption key and the private key is the decryption key and any system user or node can masquerade as any other system user or node.

In contrast to the conventional cryptographic algorithms a public key method uses two different keys to encrypt and decrypt a message. Successful methods are designed so that neither key may be inferred from the other. When used for authentication, the sender encrypts messages using the encryption key which is held in secrecy. The decryption key is made publicly known. Any receiver can decrypt the message using the publicly known key and be confident that the data is not forged or altered because only the presumed sender knows the corresponding encryption key.

In general it is preferable for performance reasons to use conventional algorithms such as DES for bulk data encryption rather than to use a public key algorithm.

The Digital Signature Algorithm (DSA) "hashes" the item to be authenticated so that a smaller "hash digest" is produced. The original item is transmitted in plaintext along with an encrypted version of the hash digest. The receiver authenticates by hashing the re[ceived item, decrypting] the transmitted hash digest and compares the two digests for equality.

This method has some weaknesses when applied to software components. First, because the component is available in plaintext it is tempting for potential reusers to forget about authenticating the component and to simply use the plaintext as is. One could remedy this defect by encrypting the entire component. The problem with this approach is that public key cryptographic schemes are very slow in operation (as compared to private key schemes); they may be impractically slow when applied to objects as large as software components with their related documentation.

The solution to this problem is to use a hybrid encryption scheme of the present invention. With this approach, the software component is encrypted using a private-key method, like DES. The DES key could be generated in an arbitrary fashion for each usage so that, in practical terms, every usage is unique. The key that was used for a software component is included with the encrypted software component. The encrypted software component is hashed to generate a digest. The digest and the DES key are then encrypted using the public key method.

Reusers who wish to look at the software component decrypt the hash digest and the DES key by applying the publicly known decryption key of the software component's publisher. The reuser regenerates the hash digest from the encrypted software component and compares it with the just-decrypted hash digest. The reuser can use the just-decrypted DES key to quickly decrypt the encrypted software component.

C. EXAMPLE CRYPTOGRAPHIC ALGORITHMS

1. Conventional Algorithms

Data Encryption Standard (DES)

The Data Encryption Standard (DES) is described in Federal Information Processing Standard Publication (FIPS PUB) 46 and available from the National Technical Information Service, 5285 Port Royal Road, Springfield, Va. 22161. DES hardware is available from Technical Communications Corp.

Skipjack

Skipjack is a symmetric key algorithm viewed as a possible replacement to DES. Capstone is a data security chip that utilizes the Skipjack algorithm, secure hash algorithm, and the key exchange algorithm. {need a reference}

2. Public Key Algorithms

Public key algorithms are described in a paper by W. Diffie and M. E. Hellman entitled "Privacy and Authentication: An Introduction to Cryptography," Proceedings of the IEEE, Vol. 67, No. 3, March 1979, pp. 397-427, hereby incorporated by reference. Examples of public key cryptographic systems are U.S. Pat. No. [illegible] to Hellman et al. "Public Key Cryptographic Apparatus and Method" and U.S. Pat. No. [illegible] "Cryptographic Apparatus and Method" hereby incorporated by reference.

Digital Signature Standard (DSS)

The National Institute of Standards and Technology has [proposed] a method for [digital signa]tures based on a 1985 paper by T. ElGamal, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, 31, 1985, pp. 469-472, hereby incorporated by reference. The DSS proposes use of the Digital Signature Algorithm (DSA) to guarantee authenticity and integrity of data transactions.

Rivest-Shamir-Adleman (RSA)

The RSA public key algorithm is described in U.S. Pat. No. 4,405,829 to Rivest et al. "Cryptographic Communications System and Method" herein incorporated by reference discloses the RSA public key algorithm.

D. HASHING

A one-way function is a function which is easy to compute in the forward direction, but hard to compute in the reverse direction. That is, if Y=f(X) is a one-way function then given any X it is easy to compute the corresponding Y, taking typically a fraction of a second on a small computer. But given any Y it is extremely difficult to find the corresponding X, ideally taking millions of years on the most powerful computer imaginable. A one-way function can be expansionary (i.e., Y is longer than X), compressive, or neither, depending on the relative sizes of the ciphertext (Y) and key (X). For purposes of this invention, we are primarily concerned with one-way compressive functions, where X is much longer than Y. Typical values herein will be a 100,000 bit length for X and a 100 bit length for Y. A method for generating such an extremely compressive one-way function are well known in the art. Compressive functions are also called "hash functions" and a one-way
compressive function is therefore called a one-way hash function.

A method for deriving a one-way function from a conventional cryptographic system is described in section V of Diffie and Hellman's paper, "New Directions in Cryptography", IEEE Transactions on Cryptography, vol. IT-22, November 1976 (see, especially FIG. 3 therein). If X is the plaintext representation of a software component and $E_{Ke}(X)$ represents encrypted version of X using an encryption algorithm E with a cryptographic key Ke. Using a hashing function H, the hash digest $H_d$ is defined as follows:

$H_d = H(E_{Ke}(X))$

Computing $H_d$ from X merely involves an encryption $E_{Ke}(X)$ and computing the hashing function (H) given the encrypted software component $E_{Ke}(X)$ and is therefore a simple computation. But computing $E_{Ke}(X)$ or X from $H_d$ involves cryptanalysis because $X = H^{-1}(H_d)$ and is therefore difficult to compute.

One way hashing functions are well known in the art. Hashing functions suitable for use with the present invention are described in U.S. Pat. No. 4,924,515 titled "Secure Management of Keys Using Extended Control Vectors" to Matyas et al. and U.S. Pat. No. 4,908,861 titled "Data Authentication Using Modification Detection Codes" to Brachtl et al. which are hereby incorporated by reference.

IV. PUBLISHING

A. DESCRIPTION

When a publisher decides that a software component is ready for publishing several steps must be taken to produce the software component record, as depicted in FIG. 4. Referring now to FIG. 3, which depicts data objects as circles and functions as rectangles, we start with a software component 301 in a plaintext representation. This plaintext representation is typically source code and is typically stored in ASCII or EBCDIC format although other formats may be used with the present invention (i.e., for instance one of the many word processing formats). The plaintext representation of the software component is transformed by encryption function of cryptographic algorithm #1 303 using cryptographic key 305. Although a public key cryptographic algorithm may be used for cryptographic algorithm #1 303 it is preferable to use a conventional cryptographic algorithm like DES. This is due to performance considerations. Since the software component may be quite large, a faster encryption function is desired so that a reuser is not kept waiting during decryption. Also a conventional cryptographic algorithm makes browsing of the software component by the reuser much faster. Note that if a public key cryptographic algorithm type is used for the cryptographic algorithm #1 303 then the key supplied for cryptographic algorithm #2 313 would be the public key (assuming that the private key is used to encrypt).

The output of applying the encryption function for cryptographic algorithm #1 using the cryptographic key 305 is the encrypted software component 307. The encrypted software component 307 is then input to the hash function 309. The hash function 309 takes the encrypted software component 307 and produces a hash digest 311. Suitable hashing functions were discussed above. The hash digest 311 and the key 305 are then encrypted using the encryption function of cryptographic algorithm #2 313. Cryptographic algorithm #2 313 must be of a public key type. Both the hash digest 311 and key 305 are encrypted using the encryption function of cryptographic algorithm #2 with the private key 315. The private key must be properly safeguarded by the publisher. No one need know the private key 315 except the publisher. It is the public key associated with the private key, that can not be used to derive the private key, that is placed in the directory for use by reusers. The publisher must make the public key associated with private key 315 available to potential reusers in order for the reusers to obtain the plaintext representation of the software component.

The hash digest 311 and key 305 are encrypted using the private key 315 and encryption function of cryptographic algorithm #2 313 to produce an encrypted hash 317 and encrypted key 319. Therefore, we have produced the encrypted software component 307, encrypted hash digest 317, and the encrypted key 319. The only data component missing from that shown in FIG. 4 is the descriptive plaintext component. The descriptive plaintext component may be created by the publisher using any word processor or by filling in a form provided by the reuse library or extracting the information from the plaintext representation of the software component or from design or requirements specifications or any other source. This information may consist of an abstract, a description, indexes, identification of other software component from which the particular software component was derived, identification of other software components required to make use of the software component, testing status, relationship to other software components, publisher identity, intellectual property information. The reuse library may provide this information or a portion of the information as well as additional information to the descriptive plaintext component. The descriptive plaintext component is discussed in detail below in the section discussing the reuse library.

FIG. 5 describes a method that can be implemented in hardware or software or any combination of hardware and software. In step 501 the plaintext representation of the software component is encrypted by a first cryptographic algorithm using a key. In step 503 the encrypted software component produced in step 501 is hashed to generate a hash digest. The hash digest from step 503 and the key used in step 501 are then encrypted using a second cryptographic algorithm in step 505. The second cryptographic algorithm being of a public key type, using the private key for encryption from the associated private and public keys. The encrypted software component of step 501, the encrypted hash digest of step 505 and the encrypted key of step 505 are then sent to the reuse library along with descriptive plaintext component for storage and other processing performed by the reuse library.

B. EMBODIMENTS

It should be noted that the functions described in FIG. 3 and steps of FIG. 5 may be carried out in either hardware or software or a combination of both. As mentioned in the cryptographic sections above many different cryptographic systems and functions are commercially available in hardware and software embodiments. Chip sets, boards, boxes, cards and software are available for performing the encrypting and hashing
functions required for publishing a software component. The preferred embodiment of the present invention is to have these functions performed using software so that interfacing with the reuse library can be performed from any computer system equipped with the software.

The preferred embodiment of the present invention comprises one or more software systems. In this context, software system is a collection of one or more executable software programs, and one or more storage areas, for example, RAM or disk. In general terms, a software system should be understood to comprise a fully functional software embodiment of a function, which can be added to an existing computer system to provide new function to that computer system. One embodiment of the present invention is shown in FIG. 8. The embodiment of the publishing workstation depicted in FIG. 8 is a collection of functions and data items. These functions and data items were explained in detail above. As shown in FIG. 8 the preferred embodiment of this invention comprises a set of computer programs for the generation of an encrypted software component 90, encrypted hash digest 91, encrypted key 92, from a software component 97 along with the descriptive plaintext component 93. FIG. 8 includes a processor 20 connected by means of a system bus 22 to a read only memory (ROM) 24 and memory 38. Also included in the computer system in FIG. 8 are a display 28 by which the computer presents information to the user, and a plurality of input devices including a keyboard 26, mouse 34 and other devices that may be attached via input/output port 30. Other input devices such as other pointing devices or a voice sensors, or image sensors may also be attached. Other pointing devices include tablets, numeric keypads, touch screen, touch screen overlays, track balls, joy sticks, light pens, thumb wheels etc. The I/O 30 can be connected to communications lines, reuse library, directory, disk storage, input devices, output devices or other I/O equipment. The computer system shown in FIG. 8 may also be connected to the directory and reuse library via the communications adaptor 36. Communications between the publisher and other systems is provided via the communications manager 75. Communications manager 75 provides for the sending and receiving of data and requests. The memory 38 includes a display buffer 72 that contains pixel intensity values or character values for presentation on the display. The display 28 periodically reads the values from the display buffer 72 displaying these values or characters onto a display screen.

As shown in FIG. 8, the memory 38 includes a word processor 80, a hash function 81, an encryption function for cryptographic algorithm #1 82, a encryption function for cryptographic algorithm #2 83, hash digest 94, key 95 and private key 96.

The hash 81, encryption 82, encryption 83 and the word processor functions cause the software component record 89 with its four components: encrypted software component 90, encrypted hash digest 91, encrypted key 92 and the descriptive plaintext component 93 to be generated as described above. The supervisor 98 can coordinate the data flow between these functions and make sure the output generated is sent to the reuse library. Alternatively, each function can perform the required data flow as required. Also shown in the memory 38 is an operating system 74. Other elements shown in memory 38 include drivers 76 which interpret the electrical signals generated by devices such as the keyboard and mouse. A working memory area 78 is also shown in memory 38. The working memory area 78 can be utilized by any of the elements shown in memory 38. The working memory area can be utilized by any of functions it may also be used to store the various data items. The working memory area 78 may be partitioned amongst the elements and within an element. The working memory area 78 may be utilized for communication, buffering, temporary storage, or storage of data while a program is running.

V. REUSING

A. DESCRIPTION

The [...] used by the reuser is very similar to [...] publisher except the steps are reversed. Referring now to FIG. 6 which depicts data objects as circles and functions as rectangles, FIG. 6 provides a functional overview of what a reuser needs to do in order to reuse a software component stored in the reuse library. Although not shown on FIG. 6 the reuser first retrieves [...] library [...] software component record. The components of a software component record are depicted in FIG. 4. FIG. 6 shows the encrypted software component 601, the encrypted hash digest 603, and the encrypted key 605 of the retrieved software component record. Note that the reuser also requires public key 607. Public key 607 is obtained from the directory of publisher's public keys. The directory is discussed in detail below. The public key may be requested from the directory from information contained in the descriptive plaintext component (not shown) of the retrieved software component record. [...] the reuser knows which publisher's public key to request. The public key 607 is used with the decryption function of cryptographic algorithm #2 611. Using the public key 607, the decryption function processes the encrypted hash digest 603 and the encrypted key to yield the hash digest 614 and the key 619, respectively.

The encrypted software component 601 is hashed by hash function 609 to yield hash digest 613. The hash function 609 utilized in the reuse function must be the same hash function that was utilized by the publisher. The hash digest 613 generated by the hash function 609 is then compared with the hash digest 614 decrypted from decryption function 611. This comparison is made by the comparator function 617. If the hash digest 613 and hash digest 614 are identical then no modification of the software component has taken place and no corruption will be indicated by the corruption indicator 623. If however, the hash digests are not identical then the software component has been corrupted and a corruption indication must be given. The indicator could be any visual or audible signal. A message flashing on the screen accompanied by beeping is usually sufficient to inform the reuser that the software component has been corrupted.

If no corruption indicator has been generated the encrypted software component is decrypted using the decryption function of algorithm #1 615 and the key 619 obtained from decryption function 611. Note even if a corruption indication was generated the encrypted software component might be decrypted but presumably the reuser would not want to use the corrupted component for fear of the effect of the corruption (e.g., possible viruses, bugs, etc.). The result of decryption function 615 using the encrypted software component
601 as input and the key 619 is the software component 621. The software component 621 can now be viewed by the reuser on the display, edited, modified or incorporated into a larger systems as the reuser desires. The reuser may also browse the software component 621 using the browsing means described below. If the comparator function 617 detects corruption it could tag (or place text inside) the plaintext representation of the software component 621 with a warning label that indicates to anyone browsing the software component that the component has been modified and that reuse is not recommended. FIG. 7 describes a method that can be implemented in hardware or software or any combination of hardware and software. In step 700 one or more software component records are retrieved or caused to be retrieved from the reuse library. In step 701 the public key associated with the publisher of the retrieved software component is obtained from a directory of publisher's public keys. In step 703 the encrypted hash digest and the encrypted key are decrypted using the second cryptograph algorithm and the public key obtained from step 701. In step 705 the encrypted software component hashed into a hash digest. In step [...] the hash digest obtained from step 705 and the hash digest from step 703 are compared. If equal then an indication that the software component was not modified or corrupted may be provided (not shown). If not equal then in step 711 an indication is provided to the reuser that the software component has been corrupted or modified in some fashion. In step 713 the encrypted software component is decrypted using the first cryptographic algorithm and the key decrypted in step 703 to provide the plaintext representation of the software component. Other steps may be added for instance to support browsing as discussed below.

B. BROWSING MEANS

After retrieving a software component record from the reuse library the reuser may easily browse information contained in the descriptive plaintext component of the retrieved software component record. The browsing displays or prints information in human readable format. The browsing means can write directly to the display buffer or via operating system calls. The descriptive plaintext component of the software record contains information designed to enable the reuser to quickly determine whether a particular software component may be of value to the reuser. The reuser may also browse the plaintext representation of the software component. This requires that the encrypted software component of the software component record by decrypted, as described above. Because the present invention uses a symmetric cryptographic algorithm for encryption and decryption of the software component, decryption can be performed relatively fast. In fact, while the reuser is browsing the plaintext portion the encryption can be taking place in the background.

Thus the reuser is presented with information contained in the plaintext portion and then the plaintext representation of the software component in a seamless fashion so that decryption is transparent to the reuser. This requires an operating system that supports background processing or multi-processing or multi-tasking. If corruption of the software component is detected then the reuser could be informed as indicated above.

C. EMBODIMENT

It should be noted that the functions described in FIG. 6 and steps of FIG. 7 may be carried out in either hardware or software or a combination of both. As mentioned in the cryptographic sections above many different cryptographic systems and functions are commercially available in hardware and software embodiments. Chip sets, boards, boxes, cards and software are available for performing the decrypting and hashing functions required for reusing a software component or obtaining a plaintext representation of one. The preferred embodiment of the present invention is to have these functions performed using software so that interfacing with the reuse library can be performed from any computer system equipped with the software. One embodiment of the present invention is shown in FIG. 9. The embodiment of the publishing workstation depicted in FIG. 9 is a collection of functions and data items. These functions and data items were explained in detail above. The preferred embodiment of the present invention comprises one or more software systems. In this context, software system is a collection of one or more executable software programs, and one or more storage areas, for example, RAM or disk. In general terms, a software system should be understood to comprise a fully functional software embodiment of a function, which can be added to an existing computer system to provide new function to that computer system. As shown in FIG. 9 the preferred embodiment of this invention comprises a set of computer programs for the generation of plaintext representation of the software component 97. The computer system of FIG. 9 includes a processor 20 connected by means of a system bus 22 to a read only memory (ROM) 24 and memory 38. Also included in the computer system in FIG. 9 are a display 28 by which the computer presents information to the reuser, and a plurality of input devices including a keyboard 26, mouse 34 and other devices that may be attached via input/output port 30. Other input devices such as other pointing devices or a voice sensors or image sensors may also be attached. Other pointing devices include tablets, numeric keypads, touch screen, touch screen overlays, track balls, joy sticks, light pens, thumb wheels etc. The I/O 30 can be connected to communications lines, reuse library, directory, disk storage, input devices, output devices or other I/O equipment. The computer system shown in FIG. 9 may also be connected to the directory and reuse library via the communications adaptor 36. Communications between the reuser and other systems is provided via the communications manager 75. Communications manager 75 provides for the sending and receiving of data and requests. The memory 38 includes a display buffer 72 that contains pixel intensity values or character values for presentation on the display. The display 28 periodically reads the values from the display buffer 72 displaying these values or characters onto a display screen.

A software component record 89 obtained from the reuse library is shown in memory 38 along with its four components: the encrypted software 90, the encrypted hash digest 91, the encrypted key 92, and the descriptive plaintext component 93. A public key 901 is also shown in memory 38. The public key 901 may have been obtained via a network, via communications adapter 36 or input by the reuser using any of the input means specified above.
As shown in FIG. 9, the memory 38 includes a browsing means 903, a hash function 81, an decryption function for cryptographic algorithm #1 905, a decryption function for cryptographic algorithm #2 907, and a comparator function 909. These functions enable the computer system to obtain the plaintext representation of the software component 97 with an indication of whether or not the software component 97 has been corrupted as described above. The supervisor 911 can coordinate the data flow between these functions and make obtain the software component from the reuse library. The supervisor may after receiving the software component record 89 cause the browsing means 903 to immediately display information contained in the descriptive plaintext component 93 allowing the reuser to page or search through the information so provided. While permitting the reuser to browse, the encrypted software component 90 can be decrypted. As an alternative to the supervisor 911, each function can perform the required data flow as required.

Also shown in the memory 38 is an operating system 74. Other elements shown in memory 38 include drivers 76 which interpret the electrical signals generated by devices such as the keyboard and mouse. A working memory area 78 is also shown in memory 38. The working memory area 78 can be utilized by any of the elements shown in memory 38. The working memory area can be utilized by any of functions it may also be used to store the various data items. The working memory area 78 may be partitioned amongst the elements and within an element. The working memory area 78 may be utilized for communication, buffering, temporary storage, or storage of data while a program is running.

It should be noted that the reuser workstation and the publisher workstations embodiments can easily be provided in a single computer system that allows an operator to be a reuser and a publisher. This combined workstation may also contain an electronic directory.

VI. REUSE LIBRARY

A. DESCRIPTION

The reuse library is where the publishers send their software component record for access by the reusers. The reuse library can be electronically networked to the publishers or the publishers may simply send the encrypted software component through the mail on diskettes, tapes, or other storage media. The reuse library must make the software component record available for browsing and selection by the reusers. Thus, the reuse library must provide storage and retrieval functions for the software component record. Each software component record received by the reuse library must be registered so that the publisher and software component record can be uniquely identified. This usually entails assigning the software component record a unique identifier.

In addition to the reuse library's storage and retrieval of software component records the reuse library may provide for other services as well. These include cataloguing so that software component records referencing other software component records can be easily located. Indexing and classifying the software components are other functions that the reuse library may provide to assist reuser's in more quickly and efficiently locating relevant software components. The reuse library may maintain its own classification data for classifying the software component. The reuse library may also require that the publisher fill out a requested form so that the classification may be more easily carried out. The classification criteria can consists of any criteria useful for discriminating among classes of reusers. Examples of classification criteria are domain or application oriented criteria. The reuse library may reclassify software components as the criteria evolve over time. In order for the reuse library to perform these other functions, the publishers may be required to furnish certain plaintext information in the descriptive plaintext component of the software component record. The descriptive plaintext component thus contains information [...] not [...]. The information contained in the descriptive plaintext component need not be human readable.

The information contained in the descriptive plaintext component may consist of an abstract, a description, indexes, identification of other software component from which the particular software component was derived, identification of other software components required to make use of the software component, testing status, relationship to other software components, publisher identity, intellectual property information. The abstract and/or description would among other things decide the context for which the software component was developed. Intellectual property information may contain licensing and/or derivation information and/or ownership information and/or a certificate of originality that certifies that the publisher created the work. Other software components referenced by the current software component may be identified by their unique identifier or some other suitable description. This information is essential for the reuse library to perform indexing, cataloguing and classification steps and to provide reusers with complete information on a particular software component in order to make a fully informed selection decision.

The reuse library may also add plaintext or a reference to plaintext that are reviews of the software components. The descriptive plaintext component could contain references to these reviews or actual contain the reviews themselves. Reusers may provide reviews concerning their experiences with using or adapting the software component for their own purposes. The reviews may also be created by independent reviewers as the market place for reusable components grows. In summary the descriptive plaintext component may contain information provided from any source. The descriptive plaintext component may be assembled by the reuse library or the publisher or both.

FIG. 4 depicts the logical view of a record for one software component 401 that is provided to the reuse library. The reuse library in registering the software component record would assign the software component record a unique identifier (not shown) and then perform the necessary functions to store the software component record. The software component record 401 consists of four components: the encrypted software component 403, the encrypted hash digest 405, the encrypted key 407 and the descriptive plaintext component 409. Note the descriptive plaintext component is not the plaintext representation of the software component. As was stated above the descriptive plaintext component 409 may consist of any or all of the following data: abstract, a description, indexes, identification of other software component from which the particular software component was derived, identification of other software components required to make use of the software component, testing status, relationship to other software components, publisher identity, intellectual property information. Other information may also be included in the descriptive plaintext component as required or needed.

It should be noted that the software component record 401 as shown in FIG. 4 is a logical view of the software component record. The software component record 401 may be physically stored in a variety of manners. Thus, the software components may be stored as a flat file or in database table or set of database tables or as objects or sets of objects in an object oriented database. A repository may also be used for storing the information contained in the software component record. (See IBM System Journal Repository Manager Technology, Vol. 29, No. 2, 1990 pp 209-227, by Sagawa hereby incorporated by reference). It should be noted that any method of storing and retrieving the information contained in the software component record will work with the present invention. However, database or repository embodiments are preferred because they permit the reusers to more easily search and locate a desired software component and makes the reuse library easier to maintain. This searching/browsing may entail decryption of the encrypted software component or may use the plaintext description and references as described above.

The reuse library may be located on any computer system with suitable storage capability. A file server or database server machine where access is provided to publishers and reusers via a client/server architecture is a preferred embodiment. The publishers and reusers may be connected by phone lines, LAN, WAN, MAN, wireless, cellular telephone or any other communications means.

As was mentioned above the present invention contemplates working with multiple libraries. The libraries may specialize in particular problem domains, particular languages, any other criteria or combinations of the above.

B. EMBODIMENTS

One embodiment for the reuse library of the present invention is shown in FIG. 9. The embodiment of the reuse library as depicted in FIG. 9 is a collection of functions and data items. These functions and data items were explained in detail above.

The preferred embodiment of the present invention comprises one or more software systems. In this context, software system is a collection of one or more executable software programs, and one or more storage areas, for example, RAM or disk. In general terms, a software system should be understood to comprise a fully functional software embodiment of a function, which can be added to an existing computer system to provide new function to that computer system. As shown in FIG. 10 the preferred embodiment of this invention comprises a set of computer programs for the storage and retrieval of software component records.

The computer system of FIG. 10 includes a processor 20 connected by means of a system bus 22 to a read only memory (ROM) 24 and memory 38. Also included in the computer system in FIG. 9 are a display 28 by which the computer presents information to the operator of the reuse library and a plurality of input devices including a keyboard 26, mouse 34 and other devices that may be attached via input/output port 30. The I/O 30 can be connected to communications lines, publisher's workstations, reuser's workstations, other reuse libraries, directory, disk storage, input devices, output devices or other I/O equipment. The computer system shown in FIG. 10 may also be connected to the publisher's workstations and the reuser's workstations via the communications adaptor 36. Communications between the reuse library and other systems is provided via the communications manager 75. Communications manager 75 provides for the sending and receiving of data and requests. The memory 38 includes a display buffer 72. The display 28 periodically reads the values from the display buffer 72 displaying these values or characters onto a display screen.

A plurality of software component records 1001 are shown in memory 38 each having four components: the encrypted software, the encrypted hash digest, the encrypted key, and the descriptive plaintext component. The software components may be stored in a repository, a relational database, a flatfile, object oriented data base or any other means. The retrieval means 1003 and the storage means 1005 would then interface with the storage subsystem for the storage and retrieval of software component records. Also shown in memory are cataloging means 1007, classifying means 1009, and indexing means 1011. Also shown are the classifying criteria 1013, software component reviews 1015 and indexes 1017. The retrieval means 1005 may also contain a search capability that permits reusers connected to the reuse library to search through software component records 1001 using a search criteria, key words, classification criteria, etc. This search capability could use information contained in the descriptive plaintext component of the software component records.

Also shown in the memory 38 is an operating system 74. Other elements shown in memory 38 include drivers 76 which interpret the electrical signals generated by devices such as the keyboard and mouse. A working memory area 78 is also shown in memory 38. The working memory area 78 can be utilized by any of the elements shown in memory 38. The working memory area can be utilized by any of functions it may also be used to store the various data items. The working memory area 78 may be partitioned amongst the elements and within an element. The working memory area 78 may be utilized for communication, buffering, temporary storage, or storage of data while a program is running.

It should be noted that the reuser workstation and the publisher workstations and reuse library embodiments can easily be provided in a single computer system that allows an operator to be a reuser and a publisher or a librarian. This combined workstation may also contain an electronic directory.

VII. DIRECTORY

The directory of publisher's public keys 105 (FIG. 1 & FIG. 2) is basically a list or table. One column in the table contains the publisher and the other column contains the publisher's public key. The publisher's public key is required by the reuser in order to obtain the plaintext representation of any software component the publisher places in the reuse library. A publisher may have more than one public key (this implies that the publisher has more than one private key). Publishers require write access to the directory or the ability to place their public keys in the reuse library.

The reuser desiring to obtain or browse a software component must obtain the publisher public key. The directory may be contained on the same computer system as the reuse library or another computer system or the reuser's computer system or no system at all. Thus the public keys may be contained in a notebook or print out. In this case the public key would be looked up in the book for input to the decryption hardware or software. Reusers require read access to the directory.

If the directory is stored on a computer system the reuser would obtain the public key and use it to decrypt the desired software component as described above. The reuser may obtain the public key by requesting the key associated with the publisher described in the plaintext portion of the software component record or via the unique identifier or a table provided by the reuse library or some other means.

The directory may be placed on any computer system. A file server or database server where access is provided to publishers and reusers via a client/server architecture is a preferred embodiment. The publishers and reusers may be connected by phone lines, LAN, WAN, MAN, wireless, cellular network or other communications means.

The directory may also be placed in a trusted system with access to the directory provided via a trusted path. Using a trusted system and a trusted path provides additional security in that only authorized individuals would have access to the public keys. Since the public keys are added to the directory by a trusted path and are obtained by only those parties granted access to the trusted system containing the directory would be able to access the directory and the public keys. A trusted file server can be utilized to provide an additional security mechanism. The trusted file server essentially keeps the publisher's public keys semi-private in that only those individuals who are provided access to the trusted system can obtain access to the public keys.

The present invention may also be utilized with a certification management system. A certification management system can provide for the directory required by the present invention. A certification management system would handle public keys for other purposes and may also provide a means for certifying electronic signatures as well. The certification management system might be part of a greater encryption infrastructure. The certification management system may allow others to electronically look up each other's public keys. The certification management system could also handle key exchanges and digital signatures. The reusers and publishers might be connected to such a system by Internet or other network.

VIII. ADVANTAGES AND CLOSING

The present invention provides several advantages. The first advantage is that large software components are encrypted and decrypted using a fast private key scheme (like DES) rather than the slow public key methods. A second advantage is that the software component is sent to the reuse library and retrieved from the reuse library in encrypted form so that reusers cannot ignore authentication requirements. A third advantage is that the key associated with the conventional algorithm (the DES key) is encrypted so that adversaries cannot simply substitute a replacement key to accompany replacement text. A fourth advantage is that the present invention can work with any of the current cryptographic standards, like DES, and potential standards, like Skipjack. Alternatively, the present invention can utilize the current de facto standard, RSA, or other public key methods rather than RSA.
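The record format and the reuser's check described above can be traced end to end in a short sketch. This is an added example, not code from the patent: a SHA-256 counter keystream stands in for DES or Skipjack, unpadded RSA over two Mersenne primes stands in for the public key algorithm, and the names `publish`, `retrieve` and `is_authentic` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy key pair from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, listed in the directory with E
D = pow(E, -1, (P - 1) * (Q - 1))      # publisher's private exponent (the "second key")

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the first algorithm: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def publish(component: bytes, d: int = D, n: int = N) -> dict:
    """Publisher side: build the software component record."""
    first_key = secrets.token_bytes(32)
    enc = stream_xor(first_key, component)                   # encrypt the component
    digest = hashlib.sha256(enc).digest()                    # hash the ciphertext
    m = int.from_bytes(b"\x01" + digest + first_key, "big")  # 0x01 marks a well-formed block
    return {"enc": enc, "sealed": pow(m, d, n)}              # private-key operation

def retrieve(record: dict, e: int = E, n: int = N) -> bytes:
    """Reuser side: verify the record, then decrypt. Raises ValueError if corrupted."""
    m = pow(record["sealed"], e, n)                          # open with the public key
    if m >> 512 != 1:
        raise ValueError("sealed block not produced with the publisher's private key")
    body = (m & (2**512 - 1)).to_bytes(64, "big")
    digest, first_key = body[:32], body[32:]
    second = hashlib.sha256(record["enc"]).digest()          # re-hash the ciphertext
    if not hmac.compare_digest(second, digest):              # compare the two digests
        raise ValueError("software component is corrupted")
    return stream_xor(first_key, record["enc"])              # decrypt the component

def is_authentic(record: dict) -> bool:
    """True when the record verifies under the directory's public key."""
    try:
        retrieve(record)
        return True
    except ValueError:
        return False
```

Because the sealed block opens with the public key, anyone who can read the directory can recover the first key; the scheme gives integrity and authenticity, and confidentiality only to the extent the directory is kept semi-private as the description proposes.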



While the invention has been described in detail herein in accord with certain preferred embodiments thereof, modifications and changes therein may be effected by those skilled in the art. Accordingly, it is intended by the appended claims to cover all such modifications and changes as fall within the true spirit and scope of the invention.

What is claimed: 

1. In a network of computers comprising at least one 
computer, the method for reusing software components 
that maintains the integrity and authenticity of the soft- 
ware components, said method comprising: 

generating an software component record using the 
following substeps: 

(a) encrypting a plaintext representation of a soft- 
ware component into a encrypted software com- 
ponent with a first cryptographic algorithm 
using first key; 

(b) hashing the encrypted software component to 
generate a first hash digest; 

(c) encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key type and said second key is the private key associated with at least one public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key;

storing the software component record in a reuse library;

retrieving the software component record from the 
reuse library; 

generating the plaintext representation of the soft- 
ware component using the following substeps: 

(a) obtaining a public key associated with the sec- 
ond key from a public key directory; 

(b) decrypting the encrypted hash digest and the 
encrypted first key into the decrypted first key 
and the decrypted first hash digest using the 
public key and the second cryptographic algo- 
rithm; 

(c) hashing the encrypted software component to 
generate a second hash digest; 

(d) comparing the second hash digest with the 
decrypted first hash digest, and if not identical 
indicating that the software component is cor- 
rupted, if identical indicating that the software is 
not corrupted; 

(e) decrypting the encrypted software component 
into the plaintext representation using the de- 
crypted first key and the first encryption algo- 
rithm. 

2. The method of claim 1 wherein the Data Encryp- 
tion Standard is used as the first cryptographic algo- 
rithm and the Digital Signature Algorithm is used as the 
second cryptographic algorithm. 

3. The method of claim 1 wherein the Data Encryp- 
tion Standard is used as the first cryptographic algo- 
rithm and the RSA is used as the second cryptographic 
algorithm. 

4. The method of claim 1 wherein the Skipjack is used 
as the first cryptographic algorithm and the Digital 
Signature Algorithm is used as the second crypto- 
graphic algorithm. 

5. The method of claim 1 wherein the Skipjack is used 
as the first cryptographic algorithm and the RSA is 
used as the second cryptographic algorithm. 
6. The method of claim 1 wherein the software component record includes a descriptive plaintext component containing a description of the software component.

7. The method of claim 6 wherein the descriptive plaintext component includes information regarding data rights and ownership rights.

8. The method of claim 6 wherein the plaintext representation of the software component also includes information defining the software components relationship to other software component records in the reuse library.

9. The method of claim 7 wherein the plaintext representation of the software component also includes information defining the software components relationship to other software component records in the reuse library.

10. The computer system comprising:

a reuse library having a plurality of encrypted software components each software component record having an encrypted software component, an encrypted hash digest, and an encrypted first key;

said reuse library having a storage means for storing encrypted software components;

said reuse library having a retrieval means for retrieving encrypted software components;

a directory containing a list of publishers and an associated list of public keys;

at least one publisher's workstation coupled to the reuse library, said publishers workstation having

an first encrypting means for encrypting a plaintext representation of a software component into a encrypted software component with a first cryptographic algorithm using first key;

an hashing means for hashing the encrypted software component to generate a first hash digest;

a second encrypting means for encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key algorithm type and said second key is the publisher's private key associated with a publisher's public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key;

a communications means for sending the software component record to the reuse library for storage by the storage means;

at least one reuser workstation coupled to the reuse library, said reuser workstation having

a requesting means for sending a request to the reuse library for a desired encrypted software component, wherein said request causes the retrieval means of the reuse library to retrieve the desired software component and send it to the requesting workstation;

a means for obtaining the public key from the directory, said public key associated with the second key of the desired encrypted software component;

a first decrypting means for decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm;

an hashing means for hashing the encrypted software component to generate a second hash digest;

a comparing means for comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted;

a second decrypting means for decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.

11. The system of claim 10 wherein the reuser workstation also includes a display means for displaying the plaintext representation of the software component record and for providing an indication of corruption.

12. The system of claim 10 wherein the reuser workstation also includes a browsing means for browsing encrypted software components stored in the reuse library.

13. The system of claim 10 wherein the plurality of encrypted software components and the directory are stored in a relational database.

14. The system of claim 10 wherein the plurality of encrypted software components and the directory are stored in a object oriented database.

15. The system of claim 10 wherein the reuse library includes a catalogue means for assigning the software component record a unique identifier and for classifying the software component record.

16. The system of claim 15 wherein the catalogue means classifies the software component record according to a set of classification criteria.

17. The system of claim 10 wherein the Data Encryption Standard is used as the first cryptographic algorithm and the Digital Signature Algorithm is used as the second cryptographic algorithm.

18. The system of claim 10 wherein the Data Encryption Standard is used as the first cryptographic algorithm and the RSA is used as the second cryptographic algorithm.

19. The system of claim 10 wherein the Skipjack is used as the first cryptographic algorithm and the Digital Signature Algorithm is used as the second cryptographic algorithm.

20. The system of claim 10 wherein the Skipjack is used as the first cryptographic algorithm and the RSA is used as the second cryptographic algorithm.

* * * * *
corrected as shown below:

Title page, before item [57] Abstract, in the "Attorney, Agent or Firm" "Mark A. Wurm" to —John D. Flynn, Mark A. Wurm—.

Column 1, Line 17, change "theft" to —their— (2 occurrences).

In Claim 1, Column 20, Line 13, change "an" to —a—.

In Claim 1, Column 20, line 17, change "a" to —an—.

In Claim 8, Column 21, line 10, change "components" to —component's—.

In Claim 9, Column 21, line 15, change "components" to —component's—.

In Claim 10, Column 21, line 31, change "an first" to —a first—.

In Claim 10, Column 21, line 32, change "into a" to —into an—.

In Claim 10, Column 21, line 35, change "an hashing means" to —a hashing means—.

In Claim 10, Column 22, line 9, change "an hashing means" to —a hashing means—.